Coercion Resistant Passwords

Author:

Mentor:

Current text-based authentication systems cannot withstand situations in which the user is forced to release the password under hostile circumstances. An alternative is Coercion Resistant Passwords, which cannot be explained to others, will not be authenticated under pressure, and are not susceptible to brute-force attacks. In this research, we discuss a specific implementation of Coercion Resistant Passwords that uses an individual’s subconscious physiological responses to music as an authenticating factor. During a training period, the user’s physiological responses are measured at a base level of relaxation. The user is then played a sample of music that the user has personally chosen as physiologically stimulating. This music is played multiple times, and the user’s physiological signs are recorded for each attempt. When the user attempts to log in to the system, his/her at-rest physiological signs are first checked to verify that they match the data collected during the training period. If they are verified, the user’s selected music is played and the subject’s physiological responses are compared to the collected physiological data from the combined training data. The subject’s validity is then decided based on the similarity of the collected data to the training data. Based upon findings from the DEAP data set, a collection of physiological responses to music videos linked to user-rated liking of the music videos, we have created a method of determining the similarity of physiological responses to stimulus over time, which shows the feasibility of our system in practice.
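The two-stage login decision described above, as an added Python example that is not the authors' code. The abstract does not give the similarity method, so everything specific here is an assumption: a single heart-rate-like signal, a z-score test for the at-rest stage, Pearson correlation against the averaged training response for the stimulus stage, both thresholds, and the constructed sample traces.

```python
from math import sqrt
from statistics import mean, stdev

# Assumed thresholds (not from the abstract).
REST_Z_MAX = 2.0       # max deviation of resting level, in training std devs
SIMILARITY_MIN = 0.8   # min correlation with the training response

def pearson(a, b):
    """Pearson correlation of two equal-length traces; 0.0 if either is flat."""
    ma, mb = mean(a), mean(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / sqrt(va * vb) if va and vb else 0.0

def enroll(rest_sessions, stimulus_sessions):
    """Training period: resting statistics plus the combined stimulus response."""
    rest_means = [mean(s) for s in rest_sessions]
    template = [mean(col) for col in zip(*stimulus_sessions)]
    return {"mu": mean(rest_means), "sd": max(stdev(rest_means), 1e-9),
            "template": template}

def authenticate(profile, rest_trace, stimulus_trace):
    """Stage 1: at-rest check. Stage 2: response to the chosen music."""
    z = abs(mean(rest_trace) - profile["mu"]) / profile["sd"]
    if z > REST_Z_MAX:
        return "reject_rest"      # user is not at baseline; music is never played
    if len(stimulus_trace) != len(profile["template"]):
        return "reject_response"  # traces must cover the same time window
    if pearson(stimulus_trace, profile["template"]) < SIMILARITY_MIN:
        return "reject_response"  # response over time does not match training
    return "accept"

# Constructed sample data (beats per minute), not taken from DEAP.
REST_TRAIN = [[62, 63, 61, 62], [64, 63, 63, 64], [61, 62, 62, 61]]
STIM_TRAIN = [[63, 68, 75, 80, 78, 72], [64, 69, 74, 81, 77, 71],
              [62, 67, 76, 79, 79, 73]]
PROFILE = enroll(REST_TRAIN, STIM_TRAIN)

if __name__ == "__main__":
    # Enrolled user, relaxed: both stages pass.
    print(authenticate(PROFILE, [62, 63, 62, 63], [63, 67, 74, 81, 78, 71]))
    # Enrolled user under pressure: elevated resting signs fail stage 1.
    print(authenticate(PROFILE, [88, 90, 91, 89], [90, 92, 95, 97, 96, 94]))
    # Calm subject without the trained response: fails stage 2.
    print(authenticate(PROFILE, [62, 62, 63, 62], [70, 69, 70, 68, 69, 70]))
```

Because the at-rest check runs first, a user whose baseline is disturbed is rejected before the stimulus stage contributes anything to the decision.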